Chapter 1 Flashcards
Use Case
Describes a goal that an organization wants to achieve.
Actors
A person or external system that interacts with the system to accomplish the use case.
Precondition
A condition that must be true before the process can start.
Trigger
Starts the use case
Postcondition
The state that must be true after the use case completes.
Normal Flow
Lists each step in specific order
Confidentiality
Prevents the unauthorized disclosure of data
Encryption
Transforms plaintext into ciphertext that is unreadable without the decryption key.
PII
Personally Identifiable Information
Access Controls
Identification, authentication, and authorization.
Identification
User claimed identity
Authentication
Users prove their claimed identity, for example with a password, a token, or a biometric.
Authorization
Grant or restrict access to resources after authentication.
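The three access-control steps above in working code, as an added example that is not from the study guide: identification is the claimed username, authentication is a salted PBKDF2 password check in constant time, and authorization is a role lookup that only happens after authentication succeeds. The user records, roles, and permission table are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed user store for the example: username -> salt, PBKDF2 hash, role.
PBKDF2_ITERATIONS = 100_000
USERS = {}

# Constructed role-to-permission table (resource, action) used by authorize().
ROLE_PERMISSIONS = {
    "admin": {("payroll", "read"), ("payroll", "write"), ("wiki", "read"), ("wiki", "write")},
    "staff": {("wiki", "read"), ("wiki", "write")},
    "guest": {("wiki", "read")},
}


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash so a leaked store cannot be cracked quickly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str, role: str) -> None:
    salt = os.urandom(16)  # per-user random salt; never store the password itself
    USERS[username] = {"salt": salt, "hash": _derive(password, salt), "role": role}


def authenticate(username: str, password: str):
    """Identification (claimed username) plus authentication (proof via password).

    Returns a principal dict on success, None on failure. A dummy derivation runs
    for unknown usernames so response time does not reveal which accounts exist.
    """
    record = USERS.get(username)
    if record is None:
        _derive(password, b"\x00" * 16)  # burn the same time as a real check
        return None
    if not hmac.compare_digest(_derive(password, record["salt"]), record["hash"]):
        return None
    return {"user": username, "role": record["role"]}


def authorize(principal, resource: str, action: str) -> bool:
    """Authorization: decided only after authentication, from the principal's role."""
    if principal is None:
        return False
    return (resource, action) in ROLE_PERMISSIONS.get(principal["role"], set())


# Seed the constructed accounts used by the demo.
register("alice", "correct horse battery staple", "admin")
register("bob", "hunter2", "staff")

if __name__ == "__main__":
    bob = authenticate("bob", "hunter2")
    print(bob)
    print("bob -> payroll read:", authorize(bob, "payroll", "read"))   # False
    print("bob -> wiki write:", authorize(bob, "wiki", "write"))       # True
    print("bad password:", authenticate("bob", "wrong"))               # None
```

Note the order: `authorize()` never consults the password, and `authenticate()` never consults the permission table. Keeping the two decisions separate is what lets least privilege be enforced per role rather than per login.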
Steganography
Hiding data within data
Obfuscation
A method of making something unclear or difficult to understand. It hides meaning but, unlike encryption, offers no real protection once the method is known.
Integrity
Provides assurances that data has not changed.
Hashing
A fixed-length value computed from data by a hashing algorithm. Recomputing the hash later and comparing it with the original verifies that the data has not changed.
Hashing Algorithms
Message Digest 5 (MD5), Secure Hash Algorithm (SHA), and Hash-based Message Authentication Code (HMAC). MD5 and SHA-1 are no longer collision resistant and should not be used in new designs; HMAC combines a hash with a secret key, so it provides authenticity as well as integrity.
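Integrity checking with a hash versus an HMAC, as an added example (not code from the study guide). The point it makes beyond the cards: a bare hash only detects accidental change, because an attacker who can rewrite the data can rewrite the hash too; an HMAC keyed with a secret the attacker lacks detects deliberate tampering. The weak-algorithm list, key, and messages are constructed for the example; the expected digests are the published SHA-256 and RFC 4231 HMAC test vectors.

```python
import hashlib
import hmac

# Constructed policy list: algorithms with practical collision attacks.
WEAK_HASHES = {"md5", "sha1"}


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of data; refuses algorithms on the weak list."""
    if algorithm.lower() in WEAK_HASHES:
        raise ValueError(f"{algorithm} is not collision resistant; use SHA-2 or SHA-3")
    return hashlib.new(algorithm, data).hexdigest()


def verify_digest(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(digest(data, algorithm), expected_hex.lower())


def hmac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: integrity plus proof that someone holding `key` produced it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag_hex.lower())


def tamper_demo():
    """Returns (plain_hash_accepts_forgery, hmac_accepts_forgery).

    The attacker controls the message and the stored hash but not the HMAC key.
    """
    key = b"server-side secret"          # constructed key, never sent to the client
    msg = b"transfer 10 to alice"
    stored_tag = hmac_tag(key, msg)

    forged = b"transfer 9999 to mallory"
    # Attacker simply recomputes the plain hash for the forged message ...
    plain_ok = verify_digest(forged, digest(forged))
    # ... but cannot recompute the HMAC, so the old tag no longer verifies.
    hmac_ok = verify_hmac(key, forged, stored_tag)
    return plain_ok, hmac_ok


if __name__ == "__main__":
    print(digest(b"abc"))
    print(tamper_demo())  # (True, False)
```

The same distinction explains why a downloaded file's published SHA-256 only helps if the hash is obtained over a channel the attacker cannot also modify.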
MAC (NIC)
Media Access Control
MAC (Mandatory)
Mandatory Access Control
MAC (Message)
Message authentication code
Digital Signature
Provides authentication, non-repudiation, and integrity.
Non-repudiation
Prevents a party from denying having performed an action, such as sending a message. Digital signatures provide non-repudiation; a symmetric MAC does not, because either holder of the shared key could have produced the tag.
Availability
Indicates that data and services are available when needed.
Redundancy
Adds duplication to critical systems to provide fault tolerance.
Fault Tolerance
Allows services to continue without interruption in the case of a fault.
Disk redundancies
Fault-tolerant disk configurations, such as RAID-1, RAID-5, and RAID-10. RAID-0 provides no fault tolerance.
Server redundancies
Failover clusters ensure a service will continue to operate, even if a server fails.
Load balancing
Uses multiple servers to support a single service, spreading the load across them.
Site redundancies
If a site can no longer function due to a disaster, such as a fire, flood, hurricane, or earthquake, the organization can move critical systems to an alternate site.
Risk
is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide . Kindle Edition.
Threat
any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.
Vulnerability
is a weakness.
Security Incident
an adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s information technology (IT) systems and data.
Risk mitigation
Reduces the chances that a threat will exploit a vulnerability.
Control Types
Technical controls, Administrative controls, Physical controls, Preventive controls, Detective controls, Corrective controls, Deterrent controls, Compensating controls.
Administrative Controls
use administrative or management methods, such as policies, risk assessments, and training.
Physical Controls
refer to controls you can physically touch.
Preventive Controls
attempt to prevent an incident from occurring.
Detective controls
attempt to detect incidents after they have occurred.
Corrective Controls
attempt to reverse the impact of an incident.
Deterrent Controls
attempt to discourage individuals from causing an incident.
Compensating Controls
alternative controls used when a primary control is not feasible.
How Security Controls Are Implemented
Technical, Administrative, Physical.
Goals of security controls
Preventive, Detective, Corrective, Deterrent, Compensating.
IDSs
Intrusion detection system
IPSs
Intrusion prevention system
IDSs and IPSs Function
monitor a network or host for intrusions and provide ongoing protection against various threats.
Firewall
Restrict network traffic going in and out of a network.
Least Privilege
A principle that individuals or processes are granted only the privileges they need to perform their assigned tasks or functions, but no more.
Risk Assessments
quantify and qualify risks within an organization so that the organization can focus on the serious risks.
Vulnerability Assessments
attempts to discover current vulnerabilities or weaknesses. When necessary, an organization implements additional controls to reduce the risk from these vulnerabilities.
Penetration Tests
Actively attempt to exploit vulnerabilities to show the real impact of a weakness, going beyond the discovery step of a vulnerability assessment.
NIST
National Institute of Standards and Technology
Hardening
the practice of making a system or application more secure than its default configuration.
IPS Function
attempts to detect attacks and then modify the environment to block the attack from continuing.
TOTP
Time-based One-Time Password
Virtualization
allows you to host one or more virtual systems, or virtual machines (VMs), on a single physical system.
Hypervisor
software that creates, runs, and manages the VMs
Type I Hypervisor
run directly on the system hardware.
Type II Hypervisor
run as software within a host operating system.
Application Cell Virtualization
Also called container virtualization; runs services or applications within isolated application cells (or containers) that share the host operating system's kernel rather than each running a full guest OS.
VDI
Virtual Desktop Infrastructure
VDE
Virtual Desktop Environment
VM Escape
an attack that allows an attacker to access the host system from within the virtual system.
VM Sprawl
sprawl occurs when an organization has many VMs that aren’t managed properly.
Kali Linux
a free Linux distribution used by many security professionals for penetration testing and security auditing.
Hyper-V
Microsoft's hypervisor, included with Windows Server and the Pro and Enterprise editions of Windows client.
VMware Workstation Player
Free VM software
Oracle VM VirtualBox
Free, open-source Type II VM software from Oracle.
Ping
a basic command used to test connectivity for remote systems.
ipconfig
shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for a system.
Entered by itself, the command provides basic information about the NIC, such as the IP address, subnet mask, and default gateway.
ipconfig /all
This command shows a comprehensive listing of TCP/IP configuration information for each NIC.
ipconfig /displaydns
this command shows the contents of the DNS cache.
ipconfig /flushdns
erase the contents of the DNS cache with this command.
ifconfig
Linux command similar to ipconfig. Many current distributions deprecate it in favor of the ip command (for example, ip addr).
ifconfig eth0
This command shows the configuration of the first Ethernet interface (NIC) on a Linux system.
ifconfig eth0 promisc
This command enables promiscuous mode on the first Ethernet interface, so the NIC passes up every frame it sees rather than only frames addressed to it. Protocol analyzers (sniffers) depend on this mode.
ifconfig eth0 allmulti
This command enables multicast mode on the NIC.
netstat
allows you to view statistics for TCP/IP protocols on a system, including open connections and listening ports. netstat -an shows all of them in numeric form.
ESTABLISHED
The normal state for the data transfer phase of a connection.
LISTEN
Indicates the system is waiting for a connection request.
CLOSE_WAIT
This indicates the remote system has sent a connection termination request (FIN) and the local application has not yet closed the socket. A large number of CLOSE_WAIT sockets usually points to an application that is leaking connections.
TIME_WAIT
This indicates the system is waiting for enough time to pass to be sure the remote system received the acknowledgment of its connection termination request.
SYN_SENT
This indicates the system sent a TCP SYN (synchronize) packet as the first part of the SYN, SYN-ACK (synchronize-acknowledge), ACK (acknowledge) handshake process and it is waiting for the SYN-ACK response.
SYN_RECEIVED
This indicates the system sent a TCP SYN-ACK packet after receiving a SYN packet as the first part of the SYN, SYN-ACK, ACK handshake process, and is waiting for the final ACK. Linux netstat shows this state as SYN_RECV. Many half-open connections in this state from the same source can indicate a SYN flood.
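Putting the netstat states above to work, as an added example that is not from the study guide: a small parser for Linux `netstat -ant` output that summarizes connection states, flags listening ports outside an allow-list (a quick hardening baseline check), and counts half-open connections per peer (a crude SYN-flood indicator). The netstat output is constructed for the example, not captured from a real host, and uses the Linux state names (SYN_RECV rather than Windows' SYN_RECEIVED).

```python
from collections import Counter

# Constructed sample of Linux `netstat -ant` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51522          ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:40001       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:40002       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:40003       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:40004       SYN_RECV
tcp        0      0 10.0.0.5:443            198.51.100.20:55555     TIME_WAIT
tcp        0      0 10.0.0.5:8080           198.51.100.21:44444     CLOSE_WAIT
"""


def split_endpoint(endpoint: str):
    """'10.0.0.5:80' -> ('10.0.0.5', 80); '0.0.0.0:*' -> ('0.0.0.0', None).

    rpartition keeps IPv6 forms such as ':::22' intact.
    """
    host, _, port = endpoint.rpartition(":")
    return host, (None if port == "*" else int(port))


def parse_netstat(text: str):
    """Parse tcp/tcp6 rows into dicts; header and non-TCP rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local = split_endpoint(fields[3])
        foreign = split_endpoint(fields[4])
        rows.append({"proto": fields[0], "local": local,
                     "foreign": foreign, "state": fields[5]})
    return rows


def state_counts(rows):
    return Counter(r["state"] for r in rows)


def unexpected_listeners(rows, allowed_ports):
    """Listening sockets whose port is not on the allow-list, sorted for stable output."""
    return sorted(r["local"] for r in rows
                  if r["state"] == "LISTEN" and r["local"][1] not in allowed_ports)


def half_open_by_peer(rows, threshold: int = 3):
    """Peers holding at least `threshold` half-open (SYN received, no final ACK) connections."""
    half_open = Counter(r["foreign"][0] for r in rows
                        if r["state"] in ("SYN_RECV", "SYN_RECEIVED"))
    return {peer: n for peer, n in half_open.items() if n >= threshold}


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print(dict(state_counts(rows)))
    print("unexpected listeners:", unexpected_listeners(rows, {22, 80, 443}))
    print("half-open by peer:", half_open_by_peer(rows))
```

Run against a real host with `netstat -ant | python3 this_script.py` after swapping `SAMPLE_NETSTAT` for `sys.stdin.read()`; the port 4444 listener in the sample is the kind of finding a hardening review looks for, since that port is not tied to any service the host is supposed to run.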
tracert
Windows command that lists the routers (hops) between two systems. The Linux equivalent is traceroute.
arp
a command-line tool that is related to the Address Resolution Protocol (ARP). It displays and modifies the ARP cache, which maps IP addresses to MAC addresses; unexpected entries in the cache can indicate ARP poisoning.